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AMENDMENTS TO THE CLAIMS 

The listing of claims will replace all prior versions, and listings, of claims in the 
application: 

Listing of Claims: 

1 . (Currently Amended) A method of handling client state information, said method 
comprising: 

receiving, at a first computer system, a first request from a second computer 
system, wherein the first request is received over a computer network; 

identifying access control data pertaining to the second computer system , the 
access control data including a domain, a maximum age, a path, a port, an 
authentication strength value, an authenticating server identifier, and an access 
control privilege identifier : 

creating an encrypted value based upon the access control data[[; andll . wherein 
the creating comprises: 

hashing the access control data using a hashing algorithm, the hashing 
resulting in a hash value: and 

encrypting the hash value: and 

storing, on the second computer system, a state management data structure that 
includes an access control identifier and the encrypted value. 

2. (Original) The method of claim 1 further comprising: 

authenticating a user of the second computer system; and 

caching, on the first computer system, security attributes of the authenticated 
user that are too sensitive to be included in the state management data structure, 
wherein the cached security attributes are indexed by the encrypted value and 
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wherein cached security attributes are adapted to re-establish a security context 
of the authenticated user. 

3. (Original) The method of claim 1 wherein the access control identifier is selected 
from the group consisting of the access control data and a unique identifier used 
by the first computer system to map to the access control data stored on an 
authentication server. 

4. (Canceled) 

5. (Canceled) 

6. (Original) The method of claim 1 further comprising: 

storing the encrypted value at the first computer system in response to receiving 
the first request; 

receiving a second request from the second computer system; 

retrieving the state management data structure from the second computer 
system, the retrieving performed in conjunction with the reception of the second 
request; and 

comparing the encrypted value included in the retrieved state management data 
structure with the encrypted value stored at the first computer system. 

7. (Original) The method of claim 6 further comprising: 

re-establishing an authenticated user's security context by using the encrypted 
value as a key to retrieve the access control data cached on the first computer 
system. 

8. (Original) The method of claim 1 further comprising: 
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authenticating a user of the second computer system, wherein the identifying, 
creating, and storing are performed in response to successfully authenticating 
the user. 

9. (Currently Amended) The method of claim 8 further comprising: 

determining that [[the]] a third computer system does not have access to the 
authentication data; 

retrieving the authentication data from an authentication server in response to the 
determination; and 

storing the retrieved authentication data on a cache associated with the third 
computer system. 

1 0. (Original) The method of claim 1 further comprising: 

receiving, at the first computer system, a second request from the second 
computer system; 

retrieving the state management data structure from the second computer 
system, the retrieving performed in conjunction with the reception of the second 
request; 

determining that the retrieved state management data structure is stale based on 
a timestamp included in the state management data structure; and 

authenticating a user of the second computer system in response to the 
determination. 

1 1 . (Currently Amended) An first information handling system comprising: 
one or more processors; 

a memory accessible by the processors; 
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a network interface connecting the information handling system to a computer 
network; 

a tool for handling client state information, the tool including software effective to: 

receive, at the first information handling system, a first request from a 
second information handling system, wherein the first request is received 
over a computer network; 

identify access control data pertaining to the second information handling 
system , the access control data including a domain, a maximum age, a 
path, a port, an authentication strength value, an authenticating server 
identifier, and an access control privilege identifier ; 

create an encrypted value based upon the access control data[[; and]] ]] A 
wherein the creating comprises software effective to: 

hash the access control data using a hashing algorithm, the 
hashing resulting in a hash value: and 

encrypt the hash value; and 

store, on the second information handling system, a state management 
data structure that includes an access control identifier and the encrypted 
value. 

12. (Original) The information handling system of claim 1 1 further comprising 
software effective to: 

authenticate a user of the second information handling system; and 

cache, on the first information handling system, security attributes of the 
authenticated user that are too sensitive to be included in the state management 
data structure, wherein the cached security attributes are indexed by the 
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encrypted value and wherein cached security attributes are adapted to re- 
establish a security context of the authenticated user. 

13. (Original) The information handling system of claim 1 1 wherein the access 
control identifier is selected from the group consisting of the access control data 
and a unique identifier used by the first information handling system to map to 
the access control data stored on an authentication server. 

14. (Canceled) 

15. (Canceled) 

16. (Original) The information handling system of claim 1 1 further comprising 
software effective to: 

store the encrypted value at the first information handling system in response to 
receiving the first request; 

receive a second request from the second information handling system; 

retrieve the state management data structure from the second information 
handling system, the retrieval performed in conjunction with the reception of the 
second request; and 

compare the encrypted value included in the retrieved state management data 
structure with the encrypted value stored at the first information handling system. 

1 7. (Original) The information handling system of claim 1 6 further comprising 
software effective to: 

re-establish an authenticated user's security context by using the encrypted 
value as a key to retrieve the access control data cached on the first information 
handling system. 
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18. (Original) The information handling system of claim 1 1 further comprising 
software effective to: 

authenticate a user of the second information handling system, wherein the 
identifying, creating, and storing are performed in response to successfully 
authenticating the user. 

1 9. (Original) The information handling system of claim 1 8 further comprising 
software effective to: 

determine that a third information handling system does not have access to the 
authentication data; 

retrieve the authentication data from an authentication server in response to the 
determination; and 

store the retrieved authentication data on a cache associated with the third 
information handling system. 

20. (Original) The information handling system of claim 1 1 further comprising 
software effective to: 

receive, at the first information handling system, a second request from the 
second information handling system; 

retrieve the state management data structure from the second information 
handling system, the retrieving performed in conjunction with the reception of the 
second request; 

determine that the retrieved state management data structure is stale based on a 
timestamp included in the state management data structure; and 

authenticate a user of the second information handling system in response to the 
determination. 
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21 . (Currently Amended) A computer program product stored on a computer 
readable medium, the computer readable medium containing instructions for 
execution by a computer, which, when executed by the computer, cause the 
computer to implement a method op e rab le m e d i a for handling client state data, 
said comput e r program product method comprising: 

m e ans for receiving, at a first computer system, a first request from a second 
computer system, wherein the first request is received over a computer network; 

m e ans for identifying access control data pertaining to the second computer 
system , the access control data including a domain, a maximum age, a path, a 
port, an authentication strength value, an authenticating server identifier, and an 
access control privilege identifier ; 

m e ans for creating an encrypted value based upon the access control 
data[[;andn , wherein the creating comprises: 

hashing the access control data using a hashing algorithm, the hashing 
resulting in a hash value; and 

encrypting the hash value; and 

m e ans for storing, on the second computer system, a state management data 
structure that includes an access control identifier and the encrypted value. 

22. (Currently Amended) The computer program product of claim 21 furth e r 
compr i s i ng wherein the method further comprises : 

m e ans for authenticating a user of the second computer system; and 

m e ans for caching, on the first computer system, security attributes of the 
authenticated user that are too sensitive to be included in the state management 
data structure, wherein the cached security attributes are indexed by the 
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encrypted value and wherein cached security attributes are adapted to re- 
establish a security context of the authenticated user. 

23. (Original) The computer program product of claim 21 wherein the access control 
identifier is selected from the group consisting of the access control data and a 
unique identifier used by the first computer system to map to the access control 
data stored on an authentication server. 

24. (Canceled) 

25. (Canceled) 

26. (Currently Amended) The computer program product of claim 21 further 
compr i s i ng wherein the method further comprises : 

moano for storing the encrypted value at the first computer system in response to 
receiving the first request; 

moans for receiving a second request from the second computer system; 

moans for retrieving the state management data structure from the second 
computer system, the means for retrieving performed in conjunction with the 
reception of the second request; and 

m e ans for comparing the encrypted value included in the retrieved state 
management data structure with the encrypted value stored at the first computer 
system. 

27. (Currently Amended) The computer program product of claim 26 further 
compr i s i ng wherein the method further comprises : 
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moons for re-establishing an authenticated user's security context by using the 
encrypted value as a key to retrieve the access control data cached on the first 
computer system. 

28. (Currently Amended) The computer program product of claim 21 further 
compr i s i ng wherein the method further comprises : 

m e ans for authenticating a user of the second computer system, wherein the 
identifying, creating, and storing are performed in response to successfully 
authenticating the user. 

29. (Currently Amended) The computer program product of claim 28 furth e r 
compr i s i ng wherein the method further comprises : 

m e ans for determining that [[the]] a third computer system does not have access 
to the authentication data; 

m e ans for retrieving the authentication data from an authentication server in 
response to the determination; and 

m e ans for storing the retrieved authentication data on a cache associated with 
the third computer system. 

30. (Currently Amended) The computer program product of claim 21 furth e r 
compr i s i ng wherein the method further comprises : 

m e ans for receiving, at the first computer system, a second request from the 
second computer system; 

m e ans for retrieving the state management data structure from the second 
computer system, the means for retrieving performed in conjunction with the 
reception of the second request; 
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moans for determining that the retrieved state management data structure is 
stale based on a timestamp included in the state management data structure; 
and 

m e ans for authenticating a user of the second computer system in response to 
the determination. 
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